- Cloudflare's standard tools cannot directly identify DNS records unused over the last 12 months, because analytics data is retained for far less than a year.
- Cloudflare's DNS analytics cover recent data only (up to 62 days on Enterprise); Logpush is the route to longer-term logging.
- A full 12-month analysis therefore requires external log storage via Logpush, and only if it was already set up when that period began.
Understanding Your Needs
You want to find DNS records not used in the last 12 months, and with 3500 entries, this is a significant task. Cloudflare offers tools, but there are limits based on your plan and setup.
What You Can Do Now
- Check Recent Data: Use Cloudflare's DNS analytics dashboard (Cloudflare DNS Analytics) to see query counts for the last 62 days (if you're on an Enterprise plan) or less, depending on your plan. Records with zero queries might be unused, but this only covers recent activity, not the full 12 months.
- Manual Review: For records with low recent activity, manually check if they correspond to active services or are documented as necessary. This can help, but with 3500 records, it’s time-consuming.
For Comprehensive Analysis (12 Months)
- Set Up Logpush: If you're on an Enterprise plan, use Cloudflare's Logpush service to push DNS query logs to your storage (e.g., AWS S3). This lets you store and analyze logs over 12 months, but only if you've been logging for that period. Set it up at Cloudflare Logpush Documentation.
- If Not Set Up Yet: Without prior logging, you can't retrieve 12 months of historical data directly from Cloudflare. You can start logging now for future analysis, but past data is unavailable.
Practical Approach
Given the limits, start by using analytics for recent data and flag records for review. For a full 12-month view, consider setting up Logpush for long-term tracking. If unsure about your plan or setup, check your Cloudflare dashboard for details.
This section provides a comprehensive exploration of methods to identify DNS records not used in the last 12 months, particularly for users with a large number of entries (e.g., 3500) managed through Cloudflare. The analysis considers Cloudflare's features, plan-specific limitations, and practical strategies, ensuring a thorough understanding for both technical and non-technical audiences.
DNS records are instructions stored on DNS servers, mapping domain names to IP addresses and other configurations, such as mail servers or service locations. For a domain with subdomains and 3500 entries, tracking usage is crucial for optimizing costs and security, especially if additional records impact expenses, as noted in community discussions (Removing Unnecessary DNS Records). Usage tracking involves analyzing DNS query logs to determine which records are queried over time, identifying those not used in the last 12 months as potentially unnecessary.
Cloudflare, as a DNS provider, offers tools like analytics and logs, but the retention period and accessibility vary by plan, affecting the ability to analyze historical data over 12 months.
Cloudflare provides DNS analytics, accessible via the dashboard or GraphQL API, to evaluate query data. This includes dimensions like query name, type, and response codes, allowing segmentation by specific DNS records. For example, you can see how many queries were made for "sub.example.com A" over a selected period.
However, the retention period for this data is plan-dependent:
- Free plans: 8 days
- Pro plans: 31 days
- Business plans: 31 days
- Enterprise plans: 62 days
This information was derived from reviewing Cloudflare's documentation, which indicates that the dashboard allows selecting a time frame, but the maximum is limited by the plan (Cloudflare DNS Analytics). For Enterprise customers, 62 days (about 2 months) is insufficient for a 12-month analysis, meaning standard analytics cannot directly identify unused records over the full period.
The analytics provide query counts per query name and type, effectively per DNS record, but the short retention period means it only captures recent activity. For instance, a record queried once a year might show zero queries in the last 62 days, leading to false positives if assumed unused.
For more detailed and historical data, Enterprise customers can access DNS logs through Cloudflare's Logpush service. Logpush pushes logs to external storage (e.g., AWS S3, Google Cloud Storage), allowing customers to retain data for as long as their storage policy permits. This is crucial for analyzing 12 months of data, as Cloudflare does not store logs indefinitely on their servers.
The process involves:
- Enabling Logpush for DNS logs, as detailed in Cloudflare Logpush Documentation.
- Configuring the destination and retention policy in the external storage.
- Analyzing the logs to count queries per DNS record over the desired period.
However, this requires prior setup. If Logpush was not enabled 12 months ago, historical data for that period is unavailable from Cloudflare. The documentation notes that by default, logs are not retained unless enabled, and the retention period for logs stored by Cloudflare (e.g., via Logpull) was not explicitly stated, suggesting it aligns with analytics retention (up to 62 days for Enterprise) unless pushed externally.
Community discussions and documentation suggest that for security logs such as WAF events, retention varies (e.g., 30 days for Enterprise), but for DNS logs the focus is on Logpush for extended retention (Retention Period of Security Logs). Given the user's 3500 records, they are likely on a Business or Enterprise plan, making Logpush a viable option if it is set up.
Given the limitations, here are strategies to identify unused DNS records:
- Use DNS Analytics for Recent Data:
  - Access the dashboard at Cloudflare DNS Analytics and filter for the maximum period (e.g., 62 days for Enterprise).
  - Identify records with zero queries in this period. This is a starting point, but recognize that records used infrequently (e.g., annually) may appear unused.
  - Manually review flagged records by checking their purpose (e.g., does "sub.example.com" point to an active server?) and documentation.
- Leverage Logpush for Historical Analysis:
  - If Logpush is already set up for DNS logs, analyze the stored logs to count queries per record over 12 months. This requires scripting or using analytics tools to process the logs.
  - If not set up, start now for future analysis, but past 12-month data is unavailable unless previously logged.
- Combine Approaches:
  - Use analytics to flag records with low recent activity, then cross-reference with internal documentation or service inventory. For example, if a record points to a decommissioned server, it's likely unused.
  - For 3500 records, automate this by scripting Cloudflare API calls to list records and query analytics, flagging those with zero queries for manual review.
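The Logpush counting step and the record cross-reference described above, as an added example that is not part of the original answer or Cloudflare's own tooling. It assumes the records list has the "name" and "type" fields of the Cloudflare DNS records API, that the Logpush dns_logs lines carry QueryName, QueryType (numeric RR type) and Timestamp, and it uses constructed sample data with the page's analysis date (May 17, 2025) as "now"; it also runs the same check over a 62-day window to show the false-positive effect of short analytics retention.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample of zone records, shaped like the Cloudflare DNS records
# API output ("name", "type"). Not live data.
RECORDS = [
    {"name": "www.example.com", "type": "A"},
    {"name": "mail.example.com", "type": "MX"},
    {"name": "yearly.example.com", "type": "A"},
    {"name": "old.example.com", "type": "A"},
]
# Constructed Logpush dns_logs lines (newline-delimited JSON). Field names
# QueryName/QueryType/Timestamp are assumed; QueryType is numeric (1 = A, 15 = MX).
LOG_LINES = """
{"QueryName": "www.example.com", "QueryType": 1, "Timestamp": "2025-05-10T12:00:00Z"}
{"QueryName": "mail.example.com", "QueryType": 15, "Timestamp": "2025-01-03T08:30:00Z"}
{"QueryName": "yearly.example.com", "QueryType": 1, "Timestamp": "2024-06-20T03:15:00Z"}
{"QueryName": "old.example.com", "QueryType": 1, "Timestamp": "2024-03-01T09:00:00Z"}
"""
RR_TYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
NOW = datetime(2025, 5, 17, tzinfo=timezone.utc)  # analysis date from the page


def count_queries(log_lines, since):
    """Count queries per (name, type) with a timestamp at or after `since`."""
    counts = Counter()
    for line in log_lines.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        ts = datetime.fromisoformat(entry["Timestamp"].replace("Z", "+00:00"))
        if ts < since:
            continue
        qtype = RR_TYPES.get(entry["QueryType"], str(entry["QueryType"]))
        counts[(entry["QueryName"].lower().rstrip("."), qtype)] += 1
    return counts


def find_unused(records, log_lines, now, days):
    """Return (name, type) of records with zero queries in the last `days`."""
    counts = count_queries(log_lines, now - timedelta(days=days))
    keys = [(r["name"].lower(), r["type"].upper()) for r in records]
    return sorted(k for k in keys if counts[k] == 0)


if __name__ == "__main__":
    # 12-month window flags only old.example.com; a 62-day window (the
    # Enterprise analytics limit) would also flag the MX and yearly records.
    print("12 months:", find_unused(RECORDS, LOG_LINES, NOW, 365))
    print("62 days:  ", find_unused(RECORDS, LOG_LINES, NOW, 62))
```

Records flagged by the 62-day run but not the 365-day run are exactly the infrequently used entries the page warns about; only the 12-month result is a candidate list for manual review.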
- Retention Limits: Standard analytics retention (up to 62 days for Enterprise) is insufficient for 12 months, and without Logpush, historical data is lost.
- Manual Effort: With 3500 records, manual review is impractical, necessitating automation or prioritization based on recent analytics.
- False Positives: Records with zero queries in recent data may still be used infrequently, requiring careful verification to avoid removing critical entries.
- Plan Dependency: Ensure your plan (likely Business or Enterprise given 3500 records) supports the necessary features. Check your dashboard for confirmation.
Below is a summary of retention periods for DNS analytics, based on the information reviewed:
| Plan | DNS Analytics Retention Period |
|---|---|
| Free | 8 days |
| Pro | 31 days |
| Business | 31 days |
| Enterprise | 62 days |
Note: DNS log retention via Logpush depends on external storage, not Cloudflare's default retention.
To gather statistics for DNS records not used in the last 12 months, the most reliable method is using Logpush to store and analyze DNS query logs externally, provided it was set up 12 months ago. Without prior logging, Cloudflare's standard tools (DNS analytics) only cover up to 62 days for Enterprise customers, requiring a combination of recent data analysis and manual verification for a partial solution. For future needs, setting up Logpush is recommended to ensure comprehensive historical data.
This analysis, conducted as of May 17, 2025, reflects the current understanding based on Cloudflare's documentation and community insights, acknowledging that plan details and features may evolve.